David Benjamin discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2020-1971)
Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23841)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.0.1f-1ubuntu2.27+esm2", "binary_name": "libssl1.0.0" }, { "binary_version": "1.0.1f-1ubuntu2.27+esm2", "binary_name": "libssl-dev" }, { "binary_version": "1.0.1f-1ubuntu2.27+esm2", "binary_name": "openssl" }, { "binary_version": "1.0.1f-1ubuntu2.27+esm2", "binary_name": "libssl-doc" }, { "binary_version": "1.0.1f-1ubuntu2.27+esm2", "binary_name": "libcrypto1.0.0-udeb" }, { "binary_version": "1.0.1f-1ubuntu2.27+esm2", "binary_name": "libssl1.0.0-udeb" } ] }